When conducting business with Ohio consumers all licensees must make safeguarding nonpublic information a top priority. The Ohio Department of Insurance has long required licensees follow reporting and mitigation procedures when data loss does occur. (R.C. 3904.13, Bulletin 2009-12 - Loss of Control of Policyholder Information). Recently enacted R.C. Chapter 3965 bolsters data loss reporting requirements and adds a requirement for some licensees to develop and maintain an information security program.
The Information Security Resource Center was created to assist licensees in understanding and complying with Ohio’s requirements for safeguarding nonpublic data.